Can't see list of users or groups when adding permissions in Access Control in the Azure portal
This article provides information to an issue in which you can't see list of users or groups when adding permissions in Access Control (IAM) in the Azure portal.
Original product version: Azure
Original KB number: 4229970
Symptoms
When you try to add permissions in IAM in the Azure portal, you cannot see the list of users or groups.
Cause
This issue occurs because the account that you used to sign in to Azure portal does not have enumeration permission. This account might be a guest user who has been invited to the directory that you are trying to give access to other Azure resources. Even if this guest user is a global administrator, they still will not have enumeration permission.
Resolution
To resolve this issue, use one of the following methods:
Method 1: To allow all guest users enumeration privileges
- Sign in to the Azure portal by using Global Administrator.
- If applicable, switch to the directory where the guest user was added.
- Go to Azure Active Directory.
- Go to User Settings.
- Change the Guest users permissions are limited setting to No, and then select Save.
Method 2: To allow only the one guest user or configure on a per user basis
Open Windows PowerShell.
Run the following cmdlet:
Import-Module AzureAdMake sure that the Azure AD for Graph is installed. For more information, see Azure Active Directory PowerShell for Graph.
As a global administrator of the directory where the guest user was added, connect to Azure AD PowerShell and the directory:
Connect-AzureAD -TenantId 'Tenant_Directory_Id'You can get the Directory ID by looking at your Azure Active Directory Properties in the Azure portal.
Run the following cmdlet:
Set-AzureADUser -ObjectId 'User_Object_Id' -UserType MemberYou can get the users Object ID by looking at the Users Profile page within the Azure portal.